Computer Science Canada I have a script error... |
Author: | xblade89 [ Fri Sep 29, 2006 12:07 pm ] | ||||
Post subject: | I have a script error... | ||||
Im making this script to test vulnerbility to a game I play this is the script
I get this message when I run it:
can you guys help? |
Author: | xblade89 [ Fri Sep 29, 2006 5:14 pm ] |
Post subject: | noone? |
c mon guys I really need help with this |
Author: | octopi [ Fri Sep 29, 2006 5:32 pm ] |
Post subject: | |
Hello, where did you get this from? did you make it? Most of the code doesn't even make sense. First off, you don't use quotes around any of your strings. Secondly, you try to make a sql query, but haven't opened a connection to an sql server yet. Also your sql string, isn't valid either. The majority of this doesn't even look like php code. There isn't really much I can do to help you, as non of it makes sense, maybe if you try to explain what your trying to do? |
Author: | Cervantes [ Fri Sep 29, 2006 5:37 pm ] |
Post subject: | |
Is this just an elaborate way to advertise your site? |
Author: | xblade89 [ Fri Sep 29, 2006 5:47 pm ] |
Post subject: | Hey |
and no its not... basically what I am tryign to do, is connect to the database of url:www.bootleggers.us to test out its vulnerbility... I want to be able to search a user from the database who has an amount of "CASH" higher than 1 trillion, and when found it is updated to another user... so basically "tycoo" has over 1 trill, and i want to be able to update the database making "xblade89"s cash x10000 using tycoos wealth... if that makes sense... |
Author: | octopi [ Fri Sep 29, 2006 5:53 pm ] |
Post subject: | |
Do you own bootleggers.us? Do you have a mysql database? |
Author: | xblade89 [ Fri Sep 29, 2006 5:56 pm ] |
Post subject: | |
thats another thing im testing, if its possible to get into it... i dont own it, its owned by a friend, and he told me to get in... thats it... |
Author: | octopi [ Fri Sep 29, 2006 5:57 pm ] |
Post subject: | |
alright, well unless you own the site, and have the required passwords to get in, then you can't do what you want. Have you friend give you the following information, if hes stupid enough to give you this information then you can mess with his site. mysql server address mysql username mysql password and mysql database name. without that information you can't do anything. |
Author: | xblade89 [ Fri Sep 29, 2006 5:58 pm ] |
Post subject: | |
well his server has been intruded before, and he changed it all, which is why he wants me to figure out how.. is there n e way at all to find out the info? |
Author: | octopi [ Fri Sep 29, 2006 5:59 pm ] |
Post subject: | |
usually the mysql server is not the same as the webserver. no, unless you have that information you can not break into his site. |
Author: | xblade89 [ Fri Sep 29, 2006 6:00 pm ] |
Post subject: | |
but is the username/password part bypassable?... if i get the server address... is it possible to still access it? |
Author: | octopi [ Fri Sep 29, 2006 6:04 pm ] |
Post subject: | |
no, thats the whole idea of a username and password, to keep people out. secondly, trying to bypass such security measures could be considered a crime. (especially if your friends website is hosted by a company) in which case it wouldn't be wise to do such things, as you could land yourself in trouble. also I will not help you attempt to break into another persons machine. if you friend is scared about security flaws on his server he should perhaps contact his web hosting company and ask them if there are any flaws. |
Author: | md [ Fri Sep 29, 2006 11:49 pm ] |
Post subject: | |
Usually people run there sql servers locally only; that way they cannot be connected to at all from remote machines. If your really looking for vulnerabilities I'd sugest looking into SQL injection attacks and looking over his site for possible places to test it. 'course it's probably illegal to do any of this (depending where you are), and even if it's not I doubt you'll get any help from here. |
Author: | War_Caymore [ Mon Oct 02, 2006 12:08 pm ] |
Post subject: | |
can i post a good idea to bypass a pass and username? or will that get me into trouble? |
Author: | octopi [ Mon Oct 02, 2006 7:02 pm ] |
Post subject: | |
go for it. |
Author: | CyberGeek [ Mon Oct 02, 2006 9:43 pm ] |
Post subject: | |
/me is waiting |